HISPC Reports on State Health Information Law, Business Practice and Policy

The Office of the National Coordinator for Health Information Technology (ONC) has made available a compendium of reports which detail variations in state health information law, business practices and policy related to privacy and security of health information and the electronic exchange of health information.

The reports were developed in 2009 as a part of the ongoing efforts of the Health Information Security and Privacy Collaboration (HISPC) that started in 2006 when I had the the opportunity to work on the initial round of HISPC work as it related to West Virginia. The efforts by HISPC was to take a national look (at a state level) on the privacy and security challenges faced by the variation of state laws, policies and practices.

The reports will be a great resource for those who regularly look at state health information legal issues. Following are the summaries of the five reports along with links to the various tables/appendices:

  • Report on State Medical Record Access Laws This report analyzes state laws that are intended to require health care providers (specifically, medical doctors and hospitals) to afford individuals access to their own health information and to identify potential barriers to the electronic exchange of health information. Specific state law provisions examined: scope of medical records to which patients are afforded access, format of information furnished, deadlines for responding to requests, fees for furnishing copies, record retention laws and access to records of minors.
  • Report on State Law Requirements for Patient Permission to Disclose Health Information In Phase I of the HISPC project a majority of participants reported significant variation in the business practices and policies surrounding the need for and process of obtaining patient permission to use and disclose personal health information for a variety of purposes, including for treatment. This report furthers the initial work of this project by collating and analyzing state laws that govern the disclosure of identifiable health information for treatment purposes to identify commonalities and differences.
  • Releasing Clinical Laboratory Test Results: Report on Survey of State Laws For this report, state statutes and regulations were analyzed to determine to whom clinical laboratories may release test results. This report focused on clinical laboratory and hospital licensing laws (that contain standards for hospital laboratories). It also examined general state medical record access laws to determine whether they provided an avenue for patients to access their clinical laboratory results directly.
  • Report on State Prescribing Laws: Implications for e-Prescribing This report identifies and analyzes the impact and variation of state laws related to e-prescribing. The report addresses state laws related to the e-prescribing of controlled and non-controlled substances as well as topics such as record keeping and content requirements, out-of-state prescriptions, and generic substitution laws.
  • Perspectives on Patient Matching: Approaches, Findings, and Challenges This report analyzes various approaches to matching patients to their health information in the context of electronic health information exchange. Current and potential methods for matching patients to their health records are discussed, challenges to performing patient matching such as scalability and ease of use are analyzed, and the types of information some HIOs use to match patients to their health records is described.